[kernel] r19441 - in dists/sid/linux/debian: . patches patches/features/all
Ben Hutchings
benh at alioth.debian.org
Sun Oct 21 02:52:08 UTC 2012
Author: benh
Date: Sun Oct 21 02:52:07 2012
New Revision: 19441
Log:
Add bug fixes for link security auditing
Added:
dists/sid/linux/debian/patches/features/all/fs-handle-failed-audit_log_start-properly.patch
dists/sid/linux/debian/patches/features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
Modified:
dists/sid/linux/debian/changelog
dists/sid/linux/debian/patches/series
Modified: dists/sid/linux/debian/changelog
==============================================================================
--- dists/sid/linux/debian/changelog Sun Oct 21 02:43:35 2012 (r19440)
+++ dists/sid/linux/debian/changelog Sun Oct 21 02:52:07 2012 (r19441)
@@ -94,6 +94,8 @@
- sched: Better debug output for might sleep
- stomp_machine: Use mutex_trylock when called from inactive cpu
* [x86] storvsc: Account for in-transit packets in the RESET path
+ * fs: handle failed audit_log_start properly
+ * fs: prevent use after free in auditing when symlink following was denied
-- Ben Hutchings <ben at decadent.org.uk> Sat, 29 Sep 2012 14:19:46 +0200
Added: dists/sid/linux/debian/patches/features/all/fs-handle-failed-audit_log_start-properly.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux/debian/patches/features/all/fs-handle-failed-audit_log_start-properly.patch Sun Oct 21 02:52:07 2012 (r19441)
@@ -0,0 +1,30 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Thu, 4 Oct 2012 19:57:31 -0400
+Subject: fs: handle failed audit_log_start properly
+
+commit d1c7d97ad58836affde6e39980b96527510b572e upstream.
+
+audit_log_start() may return NULL, this is unchecked by the caller in
+audit_log_link_denied() and could cause a NULL ptr deref.
+
+Introduced by commit a51d9eaa ("fs: add link restriction audit reporting").
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+---
+ kernel/audit.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/kernel/audit.c b/kernel/audit.c
+index 4d0ceed..40414e9 100644
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -1440,6 +1440,8 @@ void audit_log_link_denied(const char *operation, struct path *link)
+
+ ab = audit_log_start(current->audit_context, GFP_KERNEL,
+ AUDIT_ANOM_LINK);
++ if (!ab)
++ return;
+ audit_log_format(ab, "op=%s action=denied", operation);
+ audit_log_format(ab, " pid=%d comm=", current->pid);
+ audit_log_untrustedstring(ab, current->comm);
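Review bot: The new "if (!ab) return;" in audit_log_link_denied() drops the AUDIT_ANOM_LINK record silently when audit_log_start() returns NULL, and neither the code nor the commit message says this is intended. The function returns void and the caller in may_follow_link() returns -EACCES regardless, so enforcement is unaffected. Still, a one-line comment above the check would help, stating that the denial stands and only the audit record is lost. Anyone reading audit logs would then know that a missing "op=... action=denied" entry does not prove no denial occurred.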
Added: dists/sid/linux/debian/patches/features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux/debian/patches/features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch Sun Oct 21 02:52:07 2012 (r19441)
@@ -0,0 +1,30 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Thu, 4 Oct 2012 19:56:40 -0400
+Subject: fs: prevent use after free in auditing when symlink following was
+ denied
+
+commit ffd8d101a3a7d3f2e79deee1e342801703b6dc70 upstream.
+
+Commit "fs: add link restriction audit reporting" has added auditing of failed
+attempts to follow symlinks. Unfortunately, the auditing was being done after
+the struct path structure was released earlier.
+
+Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+---
+ fs/namei.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -664,9 +664,9 @@ static inline int may_follow_link(struct
+ if (parent->i_uid == inode->i_uid)
+ return 0;
+
++ audit_log_link_denied("follow_link", link);
+ path_put_conditional(link, nd);
+ path_put(&nd->path);
+- audit_log_link_denied("follow_link", link);
+ return -EACCES;
+ }
+
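Review bot: Nothing in may_follow_link() documents the ordering this fix depends on: audit_log_link_denied("follow_link", link) must run before path_put_conditional(link, nd) and path_put(&nd->path), because it reads the path that those calls release. A short comment above the audit call saying that link is only valid until the puts would stop a later cleanup from moving the logging back next to the return -EACCES. The commit message also names the offending commit only by its subject; the sibling patch uses the form 'Introduced by commit a51d9eaa ("fs: add link restriction audit reporting")' for the same subject line, and matching that form here would make the regression easier to trace.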
Modified: dists/sid/linux/debian/patches/series
==============================================================================
--- dists/sid/linux/debian/patches/series Sun Oct 21 02:43:35 2012 (r19440)
+++ dists/sid/linux/debian/patches/series Sun Oct 21 02:52:07 2012 (r19441)
@@ -64,6 +64,8 @@
# Add link security restrictions from 3.6
features/all/fs-add-link-restrictions.patch
features/all/fs-add-link-restriction-audit-reporting.patch
+features/all/fs-handle-failed-audit_log_start-properly.patch
+features/all/fs-prevent-use-after-free-in-auditing-when-symlink-f.patch
# Update all Hyper-V drivers to 3.4-rc1 (no longer staging)
features/x86/hyperv/0001-NLS-improve-UTF8-UTF16-string-conversion-routine.patch
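Review bot: The two added entries are described in the commit log as bug fixes but are filed under features/all/. Placing them directly after fs-add-link-restriction-audit-reporting.patch is the right order, since both fix code that patch introduces. If they are kept under features/ deliberately so the link restriction set stays together, a comment line above them, in the style of the existing "# Add link security restrictions from 3.6", would make that grouping explicit.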